cancel
Showing results for 
Search instead for 
Did you mean: 
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Showing results for 
Search instead for 
Did you mean: 

Permission Request Error – MODIFY Not Assignable in Unity Catalog

boitumelodikoko
Valued Contributor

Hi everyone,

I'm running into an issue when requesting permissions on a Unity Catalog table. Specifically, when trying to request SELECT and MODIFY privileges on a specific table, using Request for Access in Unity Catalog.

 
I get the following error:

the following permissions are not assignable WrappedArray(MODIFY), valid permissions are: Vector(ALL_PRIVILEGES, SELECT, APPLY_TAG, MANAGE)

From what I understand, Unity Catalog doesn't recognise MODIFY as a valid grantable permission on this object type. Instead, it seems only the following are allowed:

  • ALL PRIVILEGES

  • SELECT

  • APPLY_TAG

  • MANAGE

Question:

  1. Is MODIFY intentionally not supported for tables in Unity Catalog?

  2. If I need to insert/update/delete records, should I be requesting a different permission (e.g., ALL PRIVILEGES or something more granular)?

  3. Has anyone else run into this when requesting permissions via the UI, and how did you handle it?

Any insights would be greatly appreciated!

Thanks in advance.

boitumelodikoko_1-1759227752293.png

 

 


Thanks,
Boitumelo
1 REPLY 1

szymon_dybczak
Esteemed Contributor III

Hi @boitumelodikoko ,

Weird, it looks like a bug. MODIFY is a valid permission for table object. You can check it yourself in docs:

Unity Catalog privileges and securable objects | Databricks on AWS

szymon_dybczak_0-1759229322931.png

Modify allows user to add, update, and delete data to or from the table if the user also has SELECT on the table as well as USE CATALOG on its parent catalog and USE SCHEMA on its parent schema. Since privileges are inherited, you can grant a user the MODIFY privilege on a catalog or schema, which automatically grants the user the MODIFY privilege on all current and future tables in the catalog or schema.

szymon_dybczak_2-1759229422865.png

 

So, unless your table is foreign table it should work. In my opinion you can raise a bug on databricks support. As a workaround for now, you can request ALL PRIVELAGES permission.

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now